Orion users,
I wanted to let you know that I have obtained a production SSL certificate
from Verisign and installed this into a production Orion application server
running on Solaris. Maybe this is not big news to everyone but for me it is
significant.
After much development time with the Thawte Developer 'Test SSL Chained CA
Cert', I found out that Thawte no longer sells this type of certificate.
Also, after trying unsuccessfully to use one of their other certificates,
they sent me to Verisign.
The Verisign process is a bit murkier than the Thawte process, but no less
byzantine. Aside from the mounds of paperwork you must produce to 'prove'
you are who you say you are, the choices you are able to select when
obtaining the cert are few; in fact, there is only one choice. When asked
what kind of server software/who manufactures my server software, the choice
I made was 'JavaSoft'.
That was it. After days of paperwork shuffling, I was emailed a cert. I
installed this into my keystore, and then into an Orion SSL website. It
works.
Steps to obtain a cert.
1. Using the Java 1.3 JDK on Windows, I followed the instructions for
setting up a secure site using SSL as found on the Orion website and the
OrionSupport. Fill out ALL of the fields when creating your original
keystore.
Example (I'm in the US):
user firstname lastname: make this your website name - www.yoursite.com
Organization: your company name - Acme
Organizational Unit: your company's domain name - acme.com
City/Locality: your city: AcmeVille
State: your state, capitalize this - Colorado
Country: the 2 letter code for country - US
2. Create a Certificate Signing Request - again, following the instructions
on both Orion & OrionSupport, the CSR is created. You will need this when
filling out the Verisign website information. If there is anything funky in
your CSR, Verisign will notify you right there and you will not be able to
proceed until you fix whatever the error is.
3. Begin the paperwork process with Verisign. Their site details what is
required so I won't repeat it here. Be advised that if you are in a
hurry..., sit back, take a deep breath (maybe a glass of scotch), and chill
out. They don't care. Nothing moves on their end until you produce ALL of
the required paperwork. Now, you can help speed things a bit by quickly
faxing everything they ask for, then following up with a phone call to
customer support.
4. Magically, you will get an email from Verisign with a cert attached. Copy
this to a file and import this into your keystore as described in
Orion/OrionSupport.
5. Install your keystore into a SSL website. You should be good to go now.
Now I would like to say this is a happy ending, and for the most part it is.
However, I still cannot use Orion in production with SSL because of a weird
problem when accessing the Orion SSL website using Netscape. Doing this
causes the Orion JVM to go to 100% CPU utilization and the application
crawls. It does not happen right away, but as soon as I do my first POST on
a page after transferring into SSL from non-SSL, the CPU goes to 100% and
stays there. I experience this on my development system, Windows NT 4 (SP6).
I have notified the Orion team about this and hopefully they are working on
a solution. If anyone else has seen this and figured out a workaround, we'd
love to hear from you.
Regards,
Mike
========================================
Mike Fontenot - Object Systems Architect
BrandMatrix, Ltd.
Golden, Colorado
========================================
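
The keytool side of steps 1, 2 and 4 above, as an added example that is not part of the original post. It maps the keystore prompts onto a `-dname` string and checks the fields before any key is generated. The alias `orion`, the file names and `-keyalg RSA` are assumptions.

```shell
#!/bin/sh
# Added example: steps 1, 2 and 4 as non-interactive keytool commands.
# Assumed names (not from the post): alias "orion", keystore.jks, site.csr,
# reply.cer, and -keyalg RSA.
LC_ALL=C; export LC_ALL

# Escape commas so a value like "Acme, Inc." stays one DN attribute.
esc() { printf '%s' "$1" | sed 's/,/\\,/g'; }

# Map the keytool prompts from step 1 onto a -dname string.
# "first and last name" becomes the CN and must be the site's hostname.
build_dname() {  # args: host org orgunit city state country
  case "$1" in
    ""|*[!A-Za-z0-9.-]*) echo "CN must be a hostname: $1" >&2; return 1 ;;
  esac
  case "$6" in
    [A-Z][A-Z]) ;;
    *) echo "country must be a 2-letter code: $6" >&2; return 1 ;;
  esac
  for f in "$2" "$3" "$4" "$5"; do
    [ -n "$f" ] || { echo "fill out ALL of the fields" >&2; return 1; }
  done
  printf 'CN=%s, OU=%s, O=%s, L=%s, ST=%s, C=%s\n' \
    "$1" "$(esc "$3")" "$(esc "$2")" "$(esc "$4")" "$(esc "$5")" "$6"
}

make_keystore() {  # step 1: key pair carrying the DN built above
  keytool -genkey -alias orion -keyalg RSA -keystore keystore.jks -dname "$1"
}
make_csr() {       # step 2: CSR to paste into the CA's web form
  keytool -certreq -alias orion -keystore keystore.jks -file site.csr
}
import_reply() {   # step 4: import the emailed cert under the SAME alias
  keytool -import -alias orion -keystore keystore.jks -file reply.cer
}

# Runs steps 1 and 2 when given the six fields; call import_reply later,
# once the CA's reply has been saved as reply.cer.
if [ "$#" -eq 6 ]; then
  dn=$(build_dname "$@") && make_keystore "$dn" && make_csr
fi
```

Importing the reply under the alias that produced the CSR attaches the signed certificate to the existing private key; a different alias stores it only as a trusted certificate.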